Skip to main content
Decide how flow code is isolated before you go to production. Here is a simplified way to choose:
Multi-tenant → use V8 / Code Sandboxing. Secure, and needs no privileged Docker access in Kubernetes (privileged Docker is usually disallowed to prevent root escalation).
Single-tenant → use No Sandboxing. Faster, and needs no privileged Docker access.
Set the mode with the AP_EXECUTION_MODE environment variable. The table below lists every mode and its exact value:
NameSupports NPM in Code PieceRequires Docker to be PrivilegedPerformanceSecure for Multi TenantReusable WorkersEnvironment Variable
V8/Code SandboxingNoFast & LightweightSet AP_EXECUTION_MODE to SANDBOX_CODE_ONLY
No SandboxingNoFast & LightweightSet AP_EXECUTION_MODE to UNSANDBOXED
Kernel Namespaces SandboxingYesSlow & CPU IntensiveSet AP_EXECUTION_MODE to SANDBOX_PROCESS
Combined SandboxingYesMedium & CPU IntensiveSet AP_EXECUTION_MODE to SANDBOX_CODE_AND_PROCESS
Want the reasoning behind each mode — how fork()/V8 isolation and kernel-namespace isolation actually work, and their security trade-offs? See Sandboxing in the Architecture section.